Skip to content

Commit 170024d

Browse files
committed
Freeze SIMD decode admission scope
1 parent d70e98d commit 170024d

4 files changed

Lines changed: 51 additions & 3 deletions

File tree

README.md

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -96,9 +96,15 @@ Implemented now:
9696

9797
Planned behind admission evidence:
9898

99-
- Additional admitted wasm `simd128`, custom alphabet, in-place, and decode
100-
fast paths after the SIMD admission evidence is complete. Default builds and
101-
unsupported runtime CPUs remain scalar.
99+
- SIMD decode acceleration for strict Standard and URL-safe alphabets after
100+
the `1.3.0` decode admission evidence is complete. The frozen first scope is
101+
padded and unpadded strict decode only: no line wrapping, no legacy
102+
whitespace, no custom alphabets, no bcrypt/crypt profiles, and no
103+
constant-time-oriented secret decode. Default builds, unsupported runtime
104+
CPUs, `no_std`, and all out-of-scope decode surfaces remain scalar.
105+
- Additional admitted wasm `simd128`, custom alphabet, and in-place encode
106+
fast paths only after separate SIMD admission evidence is complete. Default
107+
builds and unsupported runtime CPUs remain scalar.
102108
- Full async streaming wrappers only after the `tokio` feature passes the
103109
cancellation-safety admission bar in [docs/ASYNC.md](docs/ASYNC.md). The
104110
`base64-ng-tokio` companion crate currently provides bounded async

docs/SECURITY_CONTROLS.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,11 @@ constant-time behavior is required. Streaming decoders intentionally use the
263263
normal strict decoder so they can preserve I/O-style behavior and avoid
264264
buffering unbounded frames. For secrets, collect one complete protocol frame
265265
under an application size limit and decode it with `ct::CtEngine`.
266+
Future normal SIMD decode admission is not a secret-decoding claim. The
267+
`1.3.0` decode acceleration scope is limited to strict Standard and URL-safe
268+
interoperability decode, and the `base64_ng::ct` constant-time-oriented decode
269+
path remains scalar unless a separate formal side-channel evidence package
270+
admits otherwise.
266271
Deployments that require the most conservative side-channel posture should
267272
combine `base64_ng::ct` with
268273
`runtime::BackendPolicy::HighAssuranceScalarOnly` so sensitive decode paths

docs/SIMD.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,14 @@ The SIMD roadmap separates implementation evidence from active acceleration:
7474
the `1.2.x` decode evidence line is complete and the encode acceleration line
7575
has remained stable.
7676

77+
The `1.3.0` decode scope is frozen before implementation starts: strict
78+
Standard and URL-safe decode only, padded and unpadded, through the normal
79+
strict decode backend boundary. Wrapped decode, legacy whitespace decode,
80+
custom alphabets, bcrypt-style and `crypt(3)` profiles, in-place decode,
81+
`no_std` SIMD dispatch, wasm runtime dispatch, and the `base64_ng::ct`
82+
constant-time-oriented secret decode path remain scalar unless separately
83+
admitted with their own evidence package.
84+
7785
The detailed `1.2.3` to `1.3.0` workflow is commit-based rather than
7886
tag-based. Each planned commit is followed by pentest and CI review before the
7987
next implementation commit starts. See
@@ -196,6 +204,12 @@ runtime behavior for that line.
196204
prototype-only unless the SIMD admission manifest, scalar differential tests,
197205
fuzz evidence, unsafe inventory, architecture evidence, benchmark evidence,
198206
and release wording are updated together.
207+
- Decode acceleration is higher risk than encode acceleration because the
208+
accelerated path must match scalar behavior for invalid bytes, padding
209+
placement, non-canonical trailing bits, undersized outputs, partial-output
210+
cleanup, and public error behavior. No decode backend may dispatch until
211+
those properties are covered by tests, fuzz evidence, generated-code review,
212+
unsafe inventory, hardware evidence where applicable, and release wording.
199213
- CI checks the reserved `simd` feature in `no_std` mode for x86_64, aarch64,
200214
FreeBSD, wasm32, and Cortex-M targets.
201215
- Performance claims must be backed by local benchmark evidence, not roadmap

docs/SIMD_ADMISSION.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,29 @@ only for backends named in this file and the release gate.
2323
may use admitted fixed-block encode for its unwrapped staging step;
2424
line-ending insertion remains scalar.
2525

26+
## `1.3.0` Decode Admission Scope Freeze
27+
28+
The first decode acceleration line is intentionally narrower than the full
29+
decode API. Any `1.3.0` decode backend admission must start with strict
30+
Standard and URL-safe alphabets only, for padded and unpadded inputs, through
31+
the normal strict decode backend boundary. The following surfaces remain
32+
scalar unless a later evidence package separately admits them:
33+
34+
- line-wrapped MIME/PEM decode
35+
- legacy whitespace-tolerant decode
36+
- bcrypt-style and `crypt(3)`-style profiles
37+
- custom alphabets
38+
- `no_std` SIMD dispatch
39+
- wasm `simd128` runtime dispatch
40+
- in-place decode
41+
- constant-time-oriented `base64_ng::ct` secret decode
42+
43+
This scope is frozen before implementation work starts so security review can
44+
separate normal strict decode acceleration from the constant-time-oriented
45+
scalar path. Future normal SIMD decode must not be routed into `ct::CtEngine`
46+
or advertised as a secret-decoding acceleration path without a separate formal
47+
side-channel evidence package.
48+
2649
## Required For Every Admitted Backend
2750

2851
Before a backend is admitted, complete

0 commit comments

Comments
 (0)